What Is Threat Modeling?

The first step to online security is figuring out what you're trying to protect, and who you're up against.

If you’re worried about getting hacked or spied on, you first have to think about what’s called a threat model.

Threat modeling is one of the most important, if not the most important, and perhaps least understood components of staying secure online. So what is threat modeling exactly? It’s none other than thinking about what data you want to protect, and who you’re trying to protect it from. In other words: what are you worried might get hacked?

For example, say you’re trying to protect your email account from a snoopy friend. Then it’s probably enough if you don’t share the password with that person, and don’t log into your email on their computer. But if you’re worried about cops or spies accessing that email account, then you might need to take other steps.

To help you figure out your threat model, consider these five questions:

What do you want to protect?

Who do you want to protect it from?

How likely is it that you will need to protect it?

How bad are the consequences if you fail?

How much trouble are you willing to go through in order to try to prevent those consequences?

By answering those questions, and figuring out what solutions and tools you want to adopt based on them, you will come up with a threat model that works for you.

Overestimating your threat can be a problem too: if you start using obscure custom operating systems, virtual machines, or anything else technical when it's really not necessary (or you don't know how to use it), you’re probably wasting your time and might be putting yourself at risk. At best, even the simplest tasks might take a while longer; in a worst-case scenario, you might be lulling yourself into a false sense of security with services and hardware that you don’t need, while overlooking what actually matters to you and the actual threats you might be facing.